CN103986688A - Method of authenticating a user of a peripheral apparatus, a peripheral apparatus, and a system for authenticating a user of a peripheral apparatus - Google Patents


Publication number
CN103986688A
Authority
CN
China
Prior art keywords
user
ancillary equipment
social networking
networking service
access
Legal status
Granted
Application number
CN201410049014.2A
Other languages
Chinese (zh)
Other versions
CN103986688B (en
Inventor
本杰明·约翰·帕克斯
Current Assignee
Canon Europa NV
Original Assignee
Canon Europa NV
Application filed by Canon Europa NV
Publication of CN103986688A
Application granted
Publication of CN103986688B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G06F21/608 Secure printing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/77 Graphical identity

Abstract

The invention relates to a method of authenticating a user of a peripheral apparatus, a peripheral apparatus, and a system for authenticating a user of a peripheral apparatus. The method of authenticating a user at a peripheral apparatus (10) comprises the following steps performed by the peripheral apparatus (10): receiving (S810) a log-in request from a user; sending (S820) a request to a social networking service to authenticate the user's social networking service account; receiving (S830) the user's social networking service account information from the social networking service; determining (S840) based on the user's social networking service account information whether the user is authorised to access the peripheral apparatus (10); and allowing (S850, S860), in a case that the determining determines based on the user's social networking service account information that the user is authorised to access the peripheral apparatus (10), the user access to the peripheral apparatus (10).

Description

Method and system for authenticating a user of a peripheral apparatus, peripheral apparatus, and mobile device
Technical field
The present invention relates to an authentication method, an authentication apparatus and an authentication system. In particular, the present invention relates to a method of authenticating a user at a peripheral apparatus, a peripheral apparatus for authenticating a user of the peripheral apparatus, and a system for authenticating a user of a peripheral apparatus.
Background art
OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their credentials, such as a password. In the traditional client-server authentication model, the client uses its credentials to access resources hosted by the server. OAuth introduces a third role to this model: the resource owner. In the OAuth model, the client (which is not the resource owner, but acts on its behalf) requests access to resources that are controlled by the resource owner but hosted by the server.
In order for the client to access resources, it must first obtain permission from the resource owner. This permission is expressed in the form of a token and a matching shared secret. The purpose of the token is to make it unnecessary for the resource owner to share its credentials with the client. Unlike the resource owner's credentials, tokens can be issued with a restricted scope and a limited lifetime, and can be revoked independently. For more information about OAuth, see http://oauth.net/.
A social networking service is an online service, platform or site that focuses on building and reflecting social networks or social relations among people who, for example, share interests and/or activities; people with the same or somewhat similar interests, backgrounds and/or activities form their own communities. A social networking service consists of a representation of each user (usually a profile), his/her social links, and a variety of additional services. Most social networking services are web-based and provide means for users to interact over the internet, such as e-mail and instant messaging. Social networking sites allow users to share ideas, activities, events and interests within their individual networks.
The main types of social networking service are those that contain category places (such as former school year or classmates), means to connect with friends (usually with self-description pages), and a recommendation system linked to trust. Popular methods now combine many of these, with Facebook (RTM), Google+ (RTM) and Twitter (RTM) widely used worldwide. Twitter is an online social networking service and microblogging service that enables its users to send and read text-based posts of up to 140 characters, known as "tweets". Unregistered users can read tweets, while registered users can post tweets through the website interface, SMS, or a range of applications for mobile devices.
In large MFP installations, Active Directory (a directory service by Microsoft (RTM)) may be installed to control user log-in. However, in smaller installations, installing Active Directory is expensive and inconvenient. It is desirable to provide an alternative log-in mechanism suitable for smaller installations of groups of MFPs.
Summary of the invention
An object of the present invention is to provide a method and a peripheral apparatus that make it possible to authenticate a user at the peripheral apparatus without specific authentication resources in the peripheral apparatus. In other words, an object of the invention is to provide a simplified, low-cost mechanism for authenticating a user at a peripheral apparatus.
According to a first aspect of the invention, there is provided a method of authenticating a user at a peripheral apparatus, comprising the following steps performed by the peripheral apparatus: receiving a log-in request from a user; sending a request to a social networking service to authenticate the user's social networking service account; receiving the user's social networking service account information from the social networking service; a determining step of determining, based on the user's social networking service account information, whether the user is authorised to access the peripheral apparatus; and, in a case that the determining step determines based on the user's social networking service account information that the user is authorised to access the peripheral apparatus, allowing the user access to the peripheral apparatus.
In some embodiments, the determining step comprises connecting to an administrator's social networking service account to determine whether the user's social networking service account information is associated with a representation of the peripheral apparatus on the social networking service.
In some embodiments, the representation of the peripheral apparatus on the social networking service is associated with a list of members of the social networking service on the social networking service, and/or the representation of the peripheral apparatus on the social networking service is associated with a group of lists of members of the social networking service on the social networking service.
In some embodiments, the step of associating the representation of the peripheral apparatus on the social network with the list of members of the social network comprises defining, for the list of members of the social networking service, a level of access to functions of the peripheral apparatus; and the step of associating the representation of the peripheral apparatus on the social network with the group of lists of members of the social network comprises defining, for the group of lists of members of the social networking service, a level of access to functions of the peripheral apparatus.
In some embodiments, the step of sending a request to the social networking service comprises requesting an access token from the social networking service. In some embodiments, the determining step comprises using the access token to obtain the user's social networking service user name, and determining whether the user name is associated with the representation of the peripheral apparatus on the social networking service. In some embodiments, the method further comprises a storing step in which the access token is stored in the peripheral apparatus in association with information identifying the user. In some embodiments, the storing step comprises storing the access token in association with the user's RFID. Preferably, the stored access token is used to perform repeated log-in requests on behalf of the user.
In some embodiments, the step of requesting an access token from the social networking service comprises using an OAuth authentication process or an xAuth authentication process.
In some embodiments, before the request is sent to the social networking service, a mobile device determines first information provided by the peripheral apparatus.
In some embodiments, the first information is a URL, the peripheral apparatus provides the URL to the user, and the mobile device determines the URL by the user inputting the URL into the mobile device. In some embodiments, the URL received by the mobile device enables the user to log in to the social networking service. In some embodiments, the URL received by the mobile device enables the user to log in to the social networking service and authorise the sending of an access token to the peripheral apparatus.
In other embodiments, the peripheral apparatus provides a machine readable code in which the first information is encoded, and the mobile device determines the first information by reading and decoding the machine readable code provided by the peripheral apparatus.
In some embodiments, after the request to authenticate the user has been sent to the social networking service, the mobile device determines second information provided by the social networking service. In some embodiments, the second information is a code, and the method further comprises the step of the peripheral apparatus receiving the code from the user via a user interface of the peripheral apparatus. In some embodiments, the code is a number.
In other embodiments, the machine readable code is a bar code or other machine readable code in which the identifying information is encoded, and the mobile device is configured to determine the identifying information by reading and decoding the bar code or other machine readable code provided by the peripheral apparatus.
According to a further aspect of the invention, there is provided a peripheral apparatus configured to: receive a log-in request from a user; send a request to a social networking service to authenticate the user's social networking service account; receive the user's social networking service account information from the social networking service; determine, based on the user's social networking service account information, whether the user is authorised to access the peripheral apparatus; and, in a case that the peripheral apparatus determines based on the user's social networking service account information that the user is authorised to access the peripheral apparatus, allow the user access to the peripheral apparatus.
In some embodiments, the peripheral apparatus comprises at least one of a printer, a fax machine and a scanner.
According to another aspect of the invention, there is provided a mobile device comprising a function for authenticating a user at a peripheral apparatus, the function comprising: means for reading and decoding a machine readable code to determine identifying information; and means for using the determined identifying information to enable the user to log in to a social networking service and authorise the sending of an access token to the peripheral apparatus.
In some embodiments, the mobile device is a mobile phone, a PDA, a digital camera, a notebook computer or another mobile device.
According to another aspect of the invention, there is provided a system for authenticating a user of a peripheral apparatus, the system comprising: a peripheral apparatus configured to receive a log-in request from a user and to send a request to a social networking service to authenticate the user's social networking service account; and a social networking service configured to receive the request and to send the user's social networking service account information to the peripheral apparatus, wherein the peripheral apparatus is configured to: receive the user's social networking service account information from the social networking service; determine, based on the user's social networking service account information, whether the user is authorised to access the peripheral apparatus; and, in a case that the peripheral apparatus determines based on the user's social networking service account information that the user is authorised to access the peripheral apparatus, allow the user access to the peripheral apparatus.
According to another aspect of the invention, there is provided a method of authenticating a user at a peripheral apparatus, comprising the following steps: a mobile device determining first identifying information and sending an access request to the peripheral apparatus via a social networking service, wherein the access request comprises the determined first identifying information and second information identifying the user's social networking service account; the peripheral apparatus receiving the access request via the social networking service and determining, based on the information in the access request, whether the user is authorised to access the peripheral apparatus; and, in a case that the peripheral apparatus determines based on the access request that the user is authorised to access the peripheral apparatus, the peripheral apparatus allowing the user access to the peripheral apparatus.
In some embodiments, before the peripheral apparatus performs the determination, the peripheral apparatus connects to an administrator's social networking service account and registers the first identifying information in association with a representation of the peripheral apparatus on the social networking service, wherein the step of determining by the peripheral apparatus comprises: connecting to the administrator's social networking service account, accessing the access request, and determining whether the information in the access request corresponds to the registered details of the peripheral apparatus.
In some embodiments, the access request is a direct (private) message sent from the user's social networking service account to the administrator's social networking service account.
In some embodiments, the peripheral apparatus determines a level of access to the peripheral apparatus based on the second information identifying the user's social networking service account.
In some embodiments, the first identifying information comprises a code, the peripheral apparatus provides the code to the user, and the mobile device determines the first identifying information by the user inputting the code into the mobile device.
In other embodiments, the peripheral apparatus provides a machine readable code in which the first identifying information is encoded, and the mobile device determines the first identifying information by reading and decoding the machine readable code provided by the peripheral apparatus.
In some embodiments, the first identifying information comprises a random number.
In some embodiments, the first identifying information comprises information identifying the administrator's social networking service account.
In some embodiments, the peripheral apparatus is configured to generate the first identifying information.
In some embodiments, the first identifying information can be obtained from the position of the peripheral apparatus, and the mobile device determines the first identifying information by detecting the position of the peripheral apparatus. Preferably, the position of the peripheral apparatus is determined using a position detecting means in the mobile device. In some embodiments, the position detecting means is a GPS sensor. Preferably, the first identifying information is the position coordinates of the peripheral apparatus to a predetermined number of digits.
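The random-number variant of this access-request method, sketched from the peripheral apparatus's side as an added example (it is not code from the patent). The class and method names, the 120-second lifetime, the single-use rule and the user MalloryTesting are assumptions made for illustration; the sender name stands for the second information, which is assumed to come from the social networking service's message metadata rather than from the message text.

```python
import hmac
import secrets
import time


class AccessRequestChecker:
    """Peripheral-side check of access requests that quote a displayed code."""

    def __init__(self, access_levels, ttl_seconds=120, clock=time.monotonic):
        # access_levels: account name -> access level, mirroring the
        # administrator's list for this peripheral apparatus.
        self.access_levels = access_levels
        self.ttl_seconds = ttl_seconds      # assumed lifetime of a code
        self.clock = clock
        self._pending = {}                  # code -> expiry time

    def issue_code(self):
        """Generate the first identifying information (a random number).

        The caller shows it on the display or encodes it in a QR code.
        """
        code = secrets.token_hex(8)
        self._pending[code] = self.clock() + self.ttl_seconds
        return code

    def check_request(self, sender, message_text):
        """Return the sender's access level, or None if access is refused.

        sender is the account the service reports as the author of the
        direct message; message_text is the body typed or scanned by the user.
        """
        candidate = message_text.strip().encode()
        matched = None
        for code in self._pending:
            # Constant-time comparison against every outstanding code.
            if hmac.compare_digest(code.encode(), candidate):
                matched = code
        if matched is None:
            return None
        # Assumed rule: a code is spent on first use, whoever quotes it.
        expiry = self._pending.pop(matched)
        if self.clock() > expiry:
            return None
        return self.access_levels.get(sender)


def demo_access_request():
    """Constructed walk-through: valid request, replay, and a stranger."""
    checker = AccessRequestChecker({"RobertTesting": "copy+fax"})
    first = checker.issue_code()
    granted = checker.check_request("RobertTesting", first)
    replayed = checker.check_request("RobertTesting", first)
    second = checker.issue_code()
    stranger = checker.check_request("MalloryTesting", second)
    return granted, replayed, stranger
```

Because the code only proves that the sender could see the display, the decision still rests on the sender's account being one the administrator has listed.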
According to another aspect of the invention, there is provided a system for authenticating a user at a peripheral apparatus, the system comprising: a mobile device configured to determine first identifying information and to send an access request to the peripheral apparatus via a social networking service, wherein the access request comprises the determined first identifying information and second information identifying the user's social networking service account; and a peripheral apparatus configured to receive the access request and to determine, based on the information in the access request, whether the user is authorised to access the peripheral apparatus, wherein the peripheral apparatus is configured to allow the user access to the peripheral apparatus in a case that the peripheral apparatus determines based on the access request that the user is authorised to access the peripheral apparatus.
According to another aspect of the invention, there is provided a mobile device comprising a function for authenticating a user at a peripheral apparatus, the function comprising: means for reading and decoding a machine readable code to determine first identifying information; and means for sending an access request to the peripheral apparatus via a social networking service, wherein the access request comprises the determined first identifying information and second information identifying the user's social networking service account.
According to another aspect of the invention, there is provided a peripheral apparatus comprising: means for providing first identifying information to a user in the form of a machine readable code; and means for accessing a social networking service account and determining, based on the first identifying information, whether the user is authorised to access the peripheral apparatus.
In some embodiments, the means for providing the first identifying information is configured to provide the first identifying information to the user in at least one of the following ways: displaying the first identifying information on a display of the peripheral apparatus; and printing the first identifying information.
In some embodiments, the first identifying information comprises a random number.
In some embodiments, the first identifying information comprises information identifying the administrator's social networking service account.
In some embodiments, the peripheral apparatus further comprises means for generating the first identifying information.
In some embodiments, the peripheral apparatus is configured to provide the first identifying information in the form of a bar code or QR code.
According to another aspect of the invention, there is provided a method of communicating information relating to a peripheral apparatus, comprising the following steps performed by the peripheral apparatus: connecting to a social networking service account representing the peripheral apparatus; and sending the information relating to the peripheral apparatus to one or more users of the social network.
In some embodiments, the information sent by the peripheral apparatus relates to one or more of the following: information relating to the status of the peripheral apparatus; information relating to the usage of the peripheral apparatus; information relating to the location of the peripheral apparatus; information identifying a user of the peripheral apparatus; information relating to the overall or individual user activity of the peripheral apparatus; information relating to a user action performed using the peripheral apparatus; information detailing to the user the cost of using the peripheral apparatus; information detailing the materials used by the peripheral apparatus in processing a user action; and information relating to the maintenance of the peripheral apparatus.
According to another aspect of the invention, there is provided a peripheral apparatus for communicating information relating to the peripheral apparatus, comprising: means for connecting to a social networking service account representing the peripheral apparatus; and means for sending the information relating to the peripheral apparatus to one or more users of the social networking service.
In some embodiments, the peripheral apparatus comprises at least one of a printer, a fax machine and a scanner.
In some embodiments, the mobile device is a mobile phone, a PDA, a digital camera, a notebook computer or another mobile device.
Brief description of the drawings
Embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
Fig. 1 shows the architecture of the first embodiment;
Fig. 2 shows the hardware of the MFP;
Fig. 3 shows the administrator's Twitter account;
Fig. 4 shows the MFP lists in Twitter;
Fig. 5 shows the creation of an MFP list in Twitter;
Fig. 6 shows the selection of a Twitter user to be added to an MFP list;
Fig. 7 shows a Twitter user being added to the MFP list created in Fig. 5;
Fig. 8 shows the steps of the general log-in process at the MFP;
Fig. 9 shows a display of the MFP;
Fig. 10 shows another display of the MFP;
Fig. 11 shows the steps performed at the MFP according to the first embodiment;
Fig. 12 shows another display of the MFP;
Fig. 13 shows another display of the MFP;
Fig. 14 shows the steps performed at the MFP according to the second embodiment;
Fig. 15 shows the architecture of the third embodiment;
Fig. 16 shows the hardware of the mobile phone;
Fig. 17 shows another display of the MFP;
Fig. 18 shows a display of the mobile phone;
Fig. 19 shows the steps performed according to the third embodiment;
Fig. 20A shows a register for storing a user's RFID in association with an access token;
Fig. 20B shows the steps performed at the MFP according to the fourth embodiment;
Fig. 21 shows the steps performed at the MFP according to the fifth embodiment;
Fig. 22 shows the steps performed at the mobile phone according to the fifth embodiment;
Fig. 23 shows the steps performed at the MFP according to the fifth embodiment;
Fig. 24 shows the steps performed at the MFP according to the sixth embodiment.
Description of embodiments
First embodiment
Fig. 1 shows the architecture of the image processing system of the first embodiment. The image processing system comprises an MFP (multi-function peripheral) 10 and an authentication server 12. The MFP 10 can connect to the internet via a local area network, such as Wi-Fi network 14, and thereby access the Twitter API hosted by the authentication server 12.
Fig. 2 shows the hardware configuration of the MFP 10. The MFP comprises a CPU 20, a ROM 21, a hard disk drive 22 and a RAM 23. These components are standard hardware components of computers and other devices and perform their usual functions. The MFP 10 further comprises a display unit 24, an operation unit 25, a communication control unit 26, an image reader 27, a recording unit 28, an image memory 29, an image processing unit 210, an authentication processing unit 211, a card reader 212 and an I/O control unit 213. The display unit 24 is a touch-screen LCD display provided on the MFP 10 so that the user can make selections and view information on the MFP 10. The operation unit 25 is a keypad and other buttons that allow the user to input authentication credentials, settings and other information to the MFP 10. The communication control unit 26 is provided to allow the MFP 10 to communicate with the web server 12 via the LAN. The image reader 27 is a scanner that allows documents to be scanned. The recording unit 28 shown in Fig. 2 represents the parts of the MFP 10 dedicated to printing. The recording unit 28 prints image data onto a recording medium and outputs the recording medium for collection by the user. The image memory 29 is a memory provided for storing image data during scanning by the image reader 27 or printing by the recording unit 28. The image processing unit 210 represents the various application-specific integrated circuits (ASICs) provided in the MFP 10 to increase the speed of specific image processing operations, such as converting scanned R, G, B data into C, M, Y, K data during a copy operation. The authentication processing unit 211 is provided to authenticate user details received from the card reader 212. Data from the card reader 212 is received at the authentication processing unit 211 via the I/O control unit 213. The authentication processing unit may be implemented by software running on the CPU 20 and the RAM 23 rather than as a separate hardware component. The above components are interconnected via a system bus 214.
The MFP 10 runs an operating system. In this particular example, the operating system runs a MEAP (Multifunctional Embedded Application Platform) application (the log-in application); MEAP is a run-time environment provided on MFP devices sold by Canon (RTM). The operating system allows JAVA applications to be run and may include a web interface, as will be described later. These applications can control the operation of the peripheral apparatus, and can display information and receive input instructions from the user via the operation unit 25 and the touch-sensitive display unit 24.
The operation of image processing system is described referring now to Fig. 3~7.As below in further detail as described in, in an embodiment of the present invention, keeper uses service provider's (for example, such as Twitter etc. particular social network service) to manage the access for the ancillary equipment such as MFP10 etc.
the setting of the list on service provider
For example, keeper uses keeper Twitter account in Twitter, to create MFP list, thereby controls the access towards specific MFP by specific registration Twitter user.Can utilize Twitter list to represent each MFP.For example, the user of Internet access MFP10 will be included in the Twitter list that represents MFP10.Alternatively, in order more neatly each MFP to be carried out to access control, keeper can by logic clusters (as in Active Directory (AD) by creating) create user's list, for example can in Twitter, create group.Can be by keeping the license that be positioned at the group's (or twitter list) on MFP10 for this locality to realize above access control scheme, MFP10 (MEAP application program) can check that particular cluster is configured (information relevant with which group that will check without being stored in keeper Twitter account but can this locality be stored on MFP10) by keeper.Then can use access information management (AMS) that other access of variety classes/level of each the function/feature for each MFP is provided to different user's groups.For example, group 1 can copy and fax, but group 2 only can copy.
The administrator can grant or deny a user access to MFP10 by adding the user to, or deleting the user from, the Twitter list for MFP10.
For example, once the administrator (for example, Twitter user ID BenTesting2) has signed in to the administrator Twitter account, the home page shown in Fig. 3 is displayed. To create a printer list, the administrator selects "Lists" from the profile menu (top left), which causes the page shown in Fig. 4 to be displayed. As can be seen from Fig. 4, one printer list (Canon iR-ADV5030) has already been created. As shown in Fig. 5, to create a new list the administrator clicks "Create list", enters the name of the printer (Canon iR-ADV2020) and a description (for example, "near the corner window"), and clicks "Save list". As shown in Figs. 6 and 7, new users can be added to a particular printer list by searching for the user in Twitter. Fig. 6 shows RobertTesting being given access to a printer by selecting "Add or remove from lists" next to the user's account name. Fig. 7 shows the selection of which printers the user is granted access to. In the particular example shown in Fig. 7, the user is granted access to Canon iR-ADV2020.
General login process
With reference to Fig. 8, at MFP10 the user enters his/her login details via a login screen (step S810 of Fig. 8). As described in detail below, in the first embodiment the service provider's server is accessed directly through a web browser, so that the user can keep his/her username and password secret and does not share them with the MEAP application or any other website; in the second embodiment, described later, the user enters his/her credentials directly into the MEAP application, which then passes them to the service provider. In step S820 of Fig. 8, the MEAP application requests an access token from the service provider. In step S830 of Fig. 8, the MEAP application receives the access token from the service provider. In step S840 of Fig. 8, the MFP list for MFP10 defined by the administrator at the service provider (for example, Twitter), as described above with reference to Figs. 3 to 7, is accessed, and it is determined whether the user's service provider ID (Twitter ID/username) is in the MFP list representing the MFP10 that the user wishes to access (step S850). If the user's Twitter ID is in the list, the user is allowed to access the MFP (step S860 of Fig. 8). If the user's Twitter ID is not in the list, an error message can be displayed on MFP10 (step S870 of Fig. 8).
Detailed login process
With reference to Figs. 9 to 11, for illustrative purposes, imagine a scenario in which a user walks up to MFP10 and wishes to access it. When the user looks at the display unit 24 of MFP10, he or she sees the display corresponding to Fig. 9. The user uses the touch screen of the display unit 24 to select the "Log in with Twitter" icon 60. Touching the icon 60 on the touch screen causes the MEAP application, acting as the login application, to change state and display a login screen (step S1101 of Fig. 11).
The MEAP application is configured to allow login using one or more social networking services (for example, Twitter). To this end, the MEAP application obtains in advance from Twitter a set of client credentials (a client identifier and secret) for Twitter's OAuth-enabled API.
In step S1102 of Fig. 11, the MEAP application determines whether it has a stored OAuth access token for the user. If it has an access token, the MEAP application skips forward to step S1114. If it does not have an access token, the MEAP application proceeds to step S1103.
In step S1103 of Fig. 11, the MEAP application submits a signed request to obtain an unauthorized request token from Twitter's OAuth authentication service. At this point the unauthorized request token is not specific to a resource owner, and it can be used by the MEAP application to obtain the resource owner's approval from the user to access his/her Twitter account.
In step S1104 of Fig. 11, Twitter's OAuth authentication service responds to the MEAP application's request with an unauthorized request token. In step S1105 of Fig. 11, when the MEAP application receives the unauthorized request token, it redirects the user to Twitter's OAuth user authentication URL (Fig. 10) with the unauthorized request token, to prompt the user to log in and authorize the token. The redirect URL identifies the unauthorized request token and a callback URL, to which Twitter is asked to redirect the user back to the MEAP application once approval has been granted to the MEAP application.
In step S1106 of Fig. 11, the browser on MFP10 manages the redirect by sending a request to Twitter's OAuth login page. In step S1107 of Fig. 11, the user is redirected to a specific Twitter URL (Fig. 10) and is asked to log in to the site. OAuth requires that Twitter first authenticates the resource owner and then asks the user (the resource owner) to grant access to the MFP (for example, via an access request page).
The user can confirm that he/she is now on a Twitter web page by checking the browser URL (Fig. 10), and can enter his/her Twitter username and password (steps S1107 and S1108 of Fig. 11).
Accessing the Twitter server directly through the web browser enables the user to keep his/her username and password secret and not share them with the MEAP application or any other website. The user never enters his/her credentials into the MEAP application.
While signing in to Twitter, or after successfully signing in to Twitter, the user is asked to grant access to the MEAP application as the client. Twitter informs the user who is requesting access (in this case the MEAP application) and the type of access being granted. The user can approve or deny access (step S1108 of Fig. 11).
Once the user has approved the request, and if the credentials entered are valid, Twitter identifies (marks) the request token (temporary credentials) as authorized by the user as resource owner (step S1108 of Fig. 11). If the user grants access, Twitter's OAuth authentication service redirects the user back to the MEAP application, to the callback URL included in the URL in step S1106 (step S1109 of Fig. 11). The user can also deny account access, in which case the OAuth authentication service displays a page with a link back to the MEAP application. In step S1110 of Fig. 11, the user's browser manages this redirect by sending a request to the callback URL. The redirect URL includes the authorized request token value. The browser is thus redirected back to the MEAP application together with the temporary credentials identifier (the authorized request token).
In step S1111, the MEAP application submits a signed request to Twitter's OAuth authentication service to exchange the request token for an access token. In step S1112, Twitter's OAuth authentication service responds to the request from the MEAP application with an access token. A request token is only suitable for obtaining the user's approval, whereas an access token is used to access protected resources, in this case the user's Twitter ID (for example, the Twitter account username). In the first request, the MEAP application exchanges the request token for an access token by submitting a signed request to Twitter's authentication service (S1111, S1112). The obtained access token can be stored in association with the particular user (step S1113 of Fig. 11), so that the MEAP application can use the same access token for authentication requests for the same user in the future (for example, as described in more detail in the fourth embodiment below, the user's RFID can be stored at MFP10 in association with a previously obtained access token). In step S1114, the MEAP application submits an API request using the access token to authenticate the request. In particular, in the second signed request (which may be several requests), the MEAP application obtains the user's Twitter ID from Twitter's API (step S1115 of Fig. 11). Meanwhile, the MFP list for MFP10 defined by the administrator in Twitter (as described above with reference to Figs. 3 to 7) is accessed, and it is determined whether the user's Twitter ID is in the MFP list representing the MFP10 that the user wishes to access (steps S1116 and S1117 of Fig. 11).

Because the MEAP application stores and enters the administrator's username and password, MFP10 accesses the administrator Twitter account directly. Alternatively, the administrator's username/password need not be stored. In this case, the administrator logs in with OAuth via a servlet (web user interface) at setup time. The access token and refresh token for the account are then stored locally. If the access token expires (which is unlikely in Twitter), authentication can be performed again using the refresh token. The administrator's access token is then used to access the administrator's Twitter account and, in turn, the MFP lists defined by the administrator in Twitter. If the user's Twitter ID is in the list, the user is authorized to access the MFP. If the user's Twitter ID is not in the list, an error message can be displayed on MFP10.
Second embodiment
The explanation of "Setting of the list on the service provider" given above in relation to Figs. 3 to 7 and the explanation of "General login process" given above in relation to Fig. 8 also apply to the present embodiment, and are therefore not repeated below for the second embodiment.
Login based on xAuth
An alternative to the arrangement shown in Figs. 9 to 11 is now described with reference to Figs. 12 to 14. The OAuth 1.0 standard is a protocol that enables websites or applications to access protected web resources via an API without requiring users to disclose their credentials. Figs. 12 to 14 illustrate a technique that enables users to provide their credentials where HTTP redirection to a browser is unavailable or unsuitable, for example where the MEAP application running on MFP10 has no mechanism for invoking a web browser. The present embodiment implements a version of OAuth called xAuth (because of the x_auth headers used). This version of OAuth uses a different flow from the traditional OAuth experience described for Figs. 9 to 11, which requires a round trip to the browser.
The xAuth extension to OAuth enables a client (for example, the MEAP application) to obtain the user's credentials and then exchange those credentials for an OAuth access token without a trip to the browser. xAuth is suited to desktop applications and mobile applications that run in a trusted environment (as opposed to web applications, which do not run in a trusted environment).
xAuth is still part of the OAuth protocol. Signed requests still need to be sent to the particular service provider (for example, Twitter).
The xAuth process produces only read-only or read-write access tokens. Direct message read access is not provided with xAuth.
xAuth provides a way for desktop applications and mobile applications to exchange a username and password for an OAuth access token. Once the access token has been retrieved, the mobile/desktop application disposes of the password corresponding to the user. The username can also be disposed of by the mobile/desktop application. However, as described in more detail below for step S1403 of Fig. 14, the username can be stored by the mobile/desktop application.
xAuth enables desktop applications and mobile applications to skip the request_token and authorize steps and jump directly to the access_token step.
Client request to obtain an access token
With reference to Figs. 12 to 14, for illustrative purposes, imagine a scenario in which a user walks up to MFP10 and wishes to access it. When the user looks at the display unit 24 of MFP10, he or she sees the display corresponding to Fig. 12. The user uses the touch screen of the display unit 24 to select the "Log in with Twitter" icon 70. Touching the icon 70 on the touch screen causes the MEAP application, acting as the login application, to change state and display a login screen (step S1401 of Fig. 14). The MEAP application is configured to support login using one or more service providers, such as the social networking services Twitter, Facebook and Google+. The MEAP application prompts the user to enter his/her authentication credentials into the MEAP application using the operating unit 25 (Fig. 13 and step S1402 of Fig. 14). In the present embodiment, because the user enters his/her username directly into the MEAP application (Fig. 13), the MEAP application can have stored the entered username in advance in association with an access token for that particular user. In step S1403 of Fig. 14, the MEAP application checks whether an access token has been stored in advance for the particular user. If an access token has been stored in advance, the flow of Fig. 14 skips to step S1407. If no access token has been stored in advance for the particular user, the flow of Fig. 14 proceeds to step S1404. In step S1404 of Fig. 14, to request an access token for the browser-less MEAP application, the MEAP application makes an SSL (HTTPS) request to the service provider's access token URL (for example, the Twitter access token URL https://api.twitter.com/oauth/access_token) with the MEAP application's consumer key. In addition to the traditional oauth_* signing parameters, the following POST parameters must be submitted:
x_auth_username - the login credential of the user on whose behalf the client is obtaining a token
x_auth_password - the password credential of the user on whose behalf the client is obtaining a token
x_auth_mode - this value must be "client_auth" (it refers to the process described here)
Response
To grant an access token, the service provider (for example, a social network provider such as Twitter) performs the following checks:
○ The request signature has been successfully verified as defined in the OAuth standard.
○ A request with the supplied timestamp and nonce has never been received before.
○ The supplied username and password match a user's credentials.
If successful, the service provider (for example, the Twitter API) generates an access token and token secret and returns both in the body of the HTTP response (step S1405 of Fig. 14). The response contains the following parameters:
○ oauth_token - the access token.
○ oauth_token_secret - the token secret.
○ x_auth_expires - a timestamp, in seconds since 1970-01-01T00:00, at which the access token expires, or 0 if no expiry is specified.
○ Additional parameters - any additional parameters as defined by the service provider.
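The xAuth request and the three provider-side checks listed above, as an added Python example (not code from the patent or from Twitter). The client signs the request as OAuth 1.0 defines, which is also how the signed requests of the first embodiment are formed. `ToyProvider`, its 300-second timestamp window and the use of HMAC-SHA1 as the signature method are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

ACCESS_TOKEN_URL = "https://api.twitter.com/oauth/access_token"  # URL quoted in the text


def enc(value):
    """Percent-encode as OAuth 1.0 requires (only RFC 3986 unreserved characters stay literal)."""
    return quote(str(value), safe="~")


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature over the OAuth 1.0 signature base string."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), enc(url), enc(normalized)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def build_xauth_request(consumer_key, consumer_secret, username, password, now=None, nonce=None):
    """Client side (the login application): POST parameters for step S1404."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time() if now is None else now)),
        "oauth_version": "1.0",
        "x_auth_mode": "client_auth",
        "x_auth_username": username,
        "x_auth_password": password,
    }
    # No token exists yet, so the token-secret half of the signing key is empty.
    params["oauth_signature"] = sign("POST", ACCESS_TOKEN_URL, params, consumer_secret)
    return params


class ToyProvider:
    """Hypothetical stand-in for the service provider's access-token endpoint."""

    def __init__(self, clients, users, max_skew=300):
        self.clients = clients    # consumer key -> consumer secret
        self.users = users        # username -> password (plaintext only to keep the toy short)
        self.max_skew = max_skew  # assumed freshness window in seconds; bounds the replay cache
        self.seen = set()         # (consumer key, timestamp, nonce) triples already received

    def grant(self, params, now=None):
        """Return (token_response, reason); token_response is None when a check fails."""
        now = time.time() if now is None else now
        secret = self.clients.get(params.get("oauth_consumer_key"))
        if secret is None:
            return None, "unknown client"
        # Check 1: the signature verifies (compared in constant time).
        expected = sign("POST", ACCESS_TOKEN_URL, params, secret)
        supplied = str(params.get("oauth_signature", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return None, "bad signature"
        if params.get("x_auth_mode") != "client_auth":
            return None, "bad x_auth_mode"
        # Check 2: this timestamp and nonce have never been received before.
        try:
            timestamp = int(params["oauth_timestamp"])
            nonce = params["oauth_nonce"]
        except (KeyError, ValueError):
            return None, "missing timestamp or nonce"
        if abs(now - timestamp) > self.max_skew:
            return None, "stale timestamp"
        replay_key = (params["oauth_consumer_key"], timestamp, nonce)
        if replay_key in self.seen:
            return None, "replayed request"
        self.seen.add(replay_key)
        # Check 3: the supplied username and password match the user's credentials.
        stored = self.users.get(params.get("x_auth_username"))
        supplied_pw = str(params.get("x_auth_password", ""))
        if stored is None or not hmac.compare_digest(stored.encode(), supplied_pw.encode()):
            return None, "bad credentials"
        return {
            "oauth_token": secrets.token_urlsafe(24),
            "oauth_token_secret": secrets.token_urlsafe(32),
            "x_auth_expires": "0",  # 0 = no expiry specified
        }, "ok"
```

Because the password travels inside the signed POST body, the HTTPS transport named in step S1404 is what keeps it confidential; the signature only proves which client sent it and that the parameters were not altered.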
Accessing protected resources
After successfully receiving the access token and token secret, the MEAP application can access protected resources on behalf of the user in accordance with section 7 of the OAuth standard. In other words, the access token obtained here behaves no differently from an access token as specified by the OAuth standard. The obtained access token can be stored by the MEAP application in association with the particular user (step S1406 of Fig. 14), so that when the particular user subsequently accesses MFP10 the flow of Fig. 14 can skip from step S1403 to step S1407. Once authenticated using the above process, the MEAP application signs all subsequent requests for the user's protected resource (the user's Twitter ID) using the returned token secret (steps S1407 and S1408 of Fig. 14), as is also the case when using OAuth. In particular, the MEAP application uses the obtained access token to request the service provider's API (for example, the Twitter API) to provide the user's Twitter ID (username). Once the MEAP application has obtained the user's Twitter ID (step S1408 of Fig. 14), in the background the MFP list for MFP10 defined by the administrator in Twitter (as described above with reference to Figs. 3 to 7) is accessed, and it is determined whether the user's Twitter ID is in the MFP list representing the MFP10 that the user wishes to access (steps S1409 and S1410 of Fig. 14). If the user's Twitter ID is in the list, the user is authorized to access MFP10. If the user's Twitter ID is not in the list, an error message is displayed on MFP10.
Third embodiment
Fig. 15 shows the architecture of the image processing system of the third embodiment. The image processing system comprises the MFP (multifunction peripheral) 10 of the first and second embodiments, an authentication server 12 and a mobile device, for example a mobile phone 11. MFP10, the mobile phone 11 and the authentication server 12 can communicate with each other using a network, such as a Wi-Fi network 14, and the internet.
Fig. 16 shows the hardware configuration of the mobile phone 11. The mobile phone 11 comprises a control unit 30 connected to a digital signal processing unit 31. The control unit 30 controls the operation of a display unit 32, an operating unit 33, a camera unit 34, an external I/F 35, a wireless communication unit 36 and a power supply unit 37. The display unit 32 comprises an LCD display for showing information to the user of the phone 11. The operating unit 33 comprises a keypad and other operation buttons so that the user can provide input to the mobile phone 11. The camera unit 34 is a camera integrated with the phone 11 that enables the user to take photographs and collect visual information. The external I/F 35 is a port provided in the mobile phone 11 so that the mobile phone 11 can communicate with other devices. In particular, the external I/F 35 allows the mobile phone 11 to be connected to a computer so that data stored on the mobile phone 11 (contact details, calendar and so on) can be synchronized with data stored on the computer. The wireless communication unit 36 provides support for various wireless services. In particular, the wireless communication unit 36 provides support for Wi-Fi communication. The wireless communication unit 36 is connected to an antenna 38. The power supply unit 37 comprises a battery and a mechanism for charging the battery from an external power source.
The digital signal processing unit 31 is connected to an audio input unit 39, an audio output unit 40 and an RF input/output unit 41. The audio input unit 39 is an analogue-to-digital processor that receives audio signals from a microphone 42 and converts them. The audio output unit 40 is a digital-to-analogue processor that receives digital signals and converts them into an analogue output to be output by a loudspeaker 43. The RF input/output unit 41 is connected to an antenna 44 and enables the mobile phone 11 to communicate with a local mobile telephone station. The audio input unit 39, the audio output unit 40, the digital signal processing unit 31 and the RF input/output unit 41 enable the mobile phone 11 to operate as a portable telephone.
The mobile phone 11 is a so-called "smart phone" and runs the Google (RTM) Android (RTM) operating system. In other embodiments, other types of phone can be used, including phones running a different mobile phone operating system.
The explanation of "Setting of the list on the service provider" given above for Figs. 3 to 7 and the explanation of "General login process" given above for Fig. 8 also apply to the present embodiment, so the description of those figures is not repeated below for the third embodiment. Note that, with regard to Fig. 8, in the third embodiment the login details received are a PIN code.
Access using a mobile phone
An alternative to the arrangements shown in Figs. 9 to 11 and Figs. 12 to 14 is now described with reference to Figs. 17 to 19. Figs. 17 to 19 illustrate a technique that enables users to provide their credentials through the OAuth mechanism where the MEAP application running on MFP10 has no mechanism for invoking a web browser.
For illustrative purposes, imagine a scenario in which a user holding the mobile phone 11 walks up to MFP10 and wishes to use MFP10 to scan or print. When the user looks at the display unit 24 of MFP10, he or she sees the display corresponding to Fig. 17. The user uses the touch screen of the display unit 24 to select the "Log in with Twitter" icon 50. Touching the icon on the touch screen causes the MEAP application, acting as the login application, to change state and display a login screen (step S1901 of Fig. 19).
The MEAP application is configured so that login using one or more social networking services (for example, Twitter) is possible. To this end, the MEAP application obtains in advance from Twitter a set of client credentials (a client identifier and secret) for Twitter's OAuth-enabled API.
The MEAP application requests a set of temporary credentials from Twitter by submitting a signed request that includes oauth_callback=oob as one of the request parameters, in order to obtain a request token from Twitter's OAuth authentication service (step S1902 of Fig. 19). At this point the temporary credentials are not specific to a resource owner, and they can be used by the MEAP application to obtain the resource owner's approval from the user to access his/her Twitter account.
When the MEAP application receives the temporary credentials (the request token) (step S1903 of Fig. 19), it generates a link to Twitter's OAuth user authorization URL that includes the oauth_token parameter (corresponding to the request token). The MEAP application then embeds this link to Twitter's OAuth user authorization URL in a machine-readable code or barcode (for example, a QR code), and displays the barcode on the display unit 24 of MFP10 (step S1904 of Fig. 19).
The user holding the mobile phone 11 then uses a suitable application on the mobile phone to scan the machine-readable code displayed on MFP10 (step S1905 of Fig. 19), which causes the web browser of the mobile phone 11 to be redirected to Twitter's OAuth user authorization URL (steps S1906 and S1907 of Fig. 19), where the user is asked to log in to Twitter (Fig. 18 and steps S1908 and S1909 of Fig. 19). As before, OAuth requires that the server first authenticates the resource owner (the user) and then asks the resource owner to grant access to the client (for example, the MEAP application).
The user can confirm that he/she is on a Twitter web page by checking the browser URL (Fig. 18), and enters his/her Twitter username and password (Fig. 18 and step S1909 of Fig. 19).
OAuth enables the user to keep his/her username and password secret and not share them with the MEAP application or any other website. The user never enters his/her credentials into the MEAP application.
While signing in to Twitter, or after successfully signing in to Twitter, the user is asked to grant access to the MEAP application as the client. Twitter informs the user who is requesting access (in this case the MEAP application) and the type of access being granted. The user can approve or deny access (step S1909 of Fig. 19).
Once the user has approved the request, and if the credentials entered are valid, Twitter identifies (marks) the temporary credentials as authorized by the user as resource owner. The browser on the mobile phone 11 is then redirected to a page that displays the oauth_verifier (for example, a PIN code) (step S1910 of Fig. 19).
The user uses the operating unit of MFP10 to enter the PIN code into a screen of the MEAP application (step S1911 of Fig. 19), and the MEAP application can also collect and store the entered PIN code (step S1912 of Fig. 19).
While the user waits, in the background the MEAP application uses the authorized request token, which includes the PIN code entered by the user as the value of oauth_verifier, and exchanges this authorized request token for an access token (steps S1913 and S1914 of Fig. 19). A request token is only suitable for obtaining the user's approval, whereas an access token is used to access protected resources, in this case the user's Twitter ID. In the first request, the MEAP application exchanges the request token for an access token by submitting a signed request to Twitter's authentication service (steps S1913 and S1914 of Fig. 19). The obtained access token can be stored in association with the particular user (step S1915 of Fig. 19), so that the MEAP application can use the same access token for authentication requests for the same user in the future. In the second request (which may be several requests), the MEAP application obtains the user's Twitter ID (steps S1916 and S1917 of Fig. 19). Meanwhile, in the background, the MFP list for MFP10 defined by the administrator in Twitter (as described above with reference to Figs. 3 to 7) is accessed, and it is determined whether the user's Twitter ID is in the MFP list representing the MFP10 that the user wishes to access (steps S1918 and S1919 of Fig. 19). If the user's Twitter ID is in the list, the user is authorized to access MFP10. If the user's Twitter ID is not in the list, an error message can be displayed on MFP10.
oauth_callback is an optional parameter which, with reference to Figs. 9 to 11, specifies the URL to which the user will be redirected after authorizing the MEAP application to access the user's Twitter account. For Figs. 17 to 19, oauth_callback is set to oauth_callback=oob, so that the PIN code is displayed on MFP10. However, the PIN code display step (step S1910 of Fig. 19) can be skipped by not setting the oauth_callback parameter. In that case, after the user successfully completes the login process (step S1909 of Fig. 19), the flow can jump directly to step S1913, in which the request token is exchanged for an access token.
Fourth embodiment
The explanation of "Setting of the list on the service provider" given above for Figs. 3 to 7 and the explanation of "General login process" given above for Fig. 8 also apply to the present embodiment, and are therefore not repeated below for the fourth embodiment.
With reference to Figs. 20A and 20B, for illustrative purposes, imagine a scenario in which a user walks up to MFP10 and wishes to access it. In the present embodiment, the user accesses MFP10 using an RFID card or RFID tag (for example, one incorporated in the mobile phone 11). When the user touches the RFID card or RFID tag to the card reader 212, the MEAP application, acting as the login application, changes state so that a login screen is displayed on MFP10. The MEAP application keeps a register of users who have previously accessed MFP10, and determines, based on the received RFID ID, whether an access token has been stored in advance for the particular user (see Fig. 20A).
In step S2001 of Fig. 20B, the MEAP application receives the RFID via the card reader 212. In step S2002 of Fig. 20B, the MEAP application determines whether an access token corresponding to the received RFID is present in the register kept by the MEAP application.
If an access token exists for the received RFID, the flow of Fig. 20B proceeds to step S2003. In step S2003, the MFP list for MFP10 defined by the administrator in Twitter (as described above with reference to Figs. 3 to 7) is accessed, and it is determined whether the user's Twitter ID is in the MFP list representing the MFP10 that the user wishes to access.
If the user's Twitter ID is in the list, the user is authorized to access the MFP (step S2004 of Fig. 20B). If the user's Twitter ID is not in the list, an error message can be displayed on MFP10 (step S2005). Steps S2003, S2004 and S2005 correspond to steps S1114 to S1117 of Fig. 11, steps S1407 to S1410 of Fig. 14 and steps S1916 to S1919 of Fig. 19.
If it is determined in step S2002 of Fig. 20B that no access token exists for the received RFID, the flow of Fig. 20B proceeds to step S2006. In step S2006, an access token can be obtained according to any of the flowcharts of Figs. 8, 11, 14 and 19 described above. Once the MEAP application has received the access token, it stores the particular user's RFID and the corresponding access token in the register (Fig. 20A).
Fifth embodiment
The architecture of the image processing system (Fig. 15) and the hardware configuration of the mobile phone (Fig. 16) described in the third embodiment also apply to the present embodiment, so the description of those figures is not repeated here. The explanation of "Setting of the list on the service provider" given above for Figs. 3 to 7 also applies to the present embodiment, so the description of those figures is not repeated here. In the fifth embodiment, "Access using a mobile phone" is performed as follows.
For illustrative purposes, imagine a scenario in which a user holding the mobile phone 11 walks up to MFP10 and wishes to use MFP10 to scan or print. When the user looks at the display unit 24 of MFP10, he or she sees the display corresponding to Fig. 17. The user uses the touch screen of the display unit 24 to select the "Log in with Twitter" icon 50. Touching the icon on the touch screen causes the MEAP application, acting as the login application, to change state so that a login screen is displayed on MFP10 (step S2101 of Fig. 21).
The MEAP application is configured so that login using one or more social networking services (for example, Twitter) is possible. To this end, the administrator has created in advance a social networking service account (for example, a Twitter account) for MFP10. The MEAP application running on MFP10 is configured to generate a random number using a random or pseudo-random number generator (step S2102 of Fig. 21). The MEAP application connects to the MFP's Twitter account (step S2103 of Fig. 21) and registers the random number in association with one or more users of the social networking service (step S2104 of Fig. 21). For example, the random number can be associated (linked) with the list of users described above for Figs. 3 to 7. The MEAP application is configured to embed the random number and information identifying the MFP's Twitter account (username) in a machine-readable code or barcode (for example, a QR code) (step S2105 of Fig. 21), and to display the machine-readable code or barcode on the display unit 24 of MFP10 (step S2106 of Fig. 21).
The user holding the mobile phone 11 then starts, on the mobile phone 11, an application for authenticating the user at the peripheral apparatus (step S2201 of Figure 22). The application on the mobile phone 11 scans the machine-readable code or barcode displayed on the MFP 10 (S2202 of Figure 22), and the application is configured to log the user in to their Twitter account automatically (S2203 of Figure 22). The application is then configured to generate a message containing the identification code displayed on the peripheral apparatus and information identifying the user's social network account (S2204 of Figure 22). The application then sends a direct message or tweet that the MEAP application can view using the MFP's Twitter account (S2205 of Figure 22). The message can be sent directly (as a direct message, privately) to the MFP's Twitter account (inbox), or it can be posted to a location on Twitter that is accessible to a plurality of users. For example, a tweet can be sent (posted) to the user's followers. Of course, the steps of logging in to Twitter, generating the message and sending the message can be carried out manually by the user. The MEAP application running on the MFP 10 is configured to retrieve the message from Twitter by logging in to the MFP's Twitter account (S2301 of Figure 23). The MEAP application is configured to determine whether the details contained in the message correspond to the details registered in the MFP's social network account (see step S2104 of Figure 21) (S2302 of Figure 23). For example, the MEAP application determines whether the user ID and random number contained in the message correspond to the random number and user ID registered in the MFP's Twitter account. If the details correspond, the MFP 10 grants the user access (S2303 of Figure 23). The MEAP application can grant different levels of access to different users based on the user's social networking service account information. For example, user name 1 may be granted permission to copy and scan, while user name 2 may be granted permission to copy only. Of course, if the details received in the message do not match the details registered in the Twitter account, the MFP 10 does not grant the user access (S2304 of Figure 23).
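The register-and-compare flow of steps S2102 to S2105, S2202 to S2204 and S2302 to S2304 can be followed in the added Python example below, which is not code from the patent or from the MEAP platform. The JSON payload layout, the account names, the assumption that the service reports the authenticated sender of each retrieved message, the constant-time comparison and the single use of each random number are choices made for this example and are not stated in the description.

```python
import hmac
import json
import secrets

# Constructed sample access list keyed by social-network user name, mirroring the
# description's example: user name 1 may copy and scan, user name 2 may only copy.
SAMPLE_ACCESS = {"username1": {"copy", "scan"}, "username2": {"copy"}}


class Mfp:
    """Peripheral-side logic (steps S2102-S2105 and S2302-S2304)."""

    def __init__(self, account, access_list):
        self.account = account          # hypothetical account name of the MFP
        self.access_list = access_list  # user name -> permitted functions
        self.registered = {}            # user name -> outstanding random number

    def issue_code(self):
        """Generate a random number, register it per user, return the code payload."""
        nonce = secrets.token_hex(16)   # 128 bits from the OS CSPRNG
        for user in self.access_list:   # S2104: register in association with users
            self.registered[user] = nonce
        # S2105: payload that would be rendered as a QR code (assumed JSON layout)
        return json.dumps({"account": self.account, "nonce": nonce})

    def check_message(self, sender, body):
        """Return the permissions granted for one retrieved message (empty = denied).

        `sender` is the account name the service reports for the message
        (assumption); `body` is the message text generated by the phone.
        """
        try:
            msg = json.loads(body)
            claimed_user = msg["user"]
            presented = msg["nonce"].encode()
        except (ValueError, KeyError, TypeError, AttributeError):
            return frozenset()          # malformed message: no access (S2304)
        if claimed_user != sender:
            return frozenset()          # user ID in the body must match the sender
        expected = self.registered.get(sender)
        if expected is None:
            return frozenset()          # user not on the list, or number already used
        if not hmac.compare_digest(expected.encode(), presented):
            return frozenset()          # random number does not correspond
        del self.registered[sender]     # assumption: each registration is single use
        return frozenset(self.access_list[sender])   # S2303 with per-user level


def phone_build_message(code_payload, user):
    """Phone-side steps S2202-S2204: decode the code, build (recipient, body)."""
    data = json.loads(code_payload)
    body = json.dumps({"user": user, "nonce": data["nonce"]})
    return data["account"], body


if __name__ == "__main__":
    mfp = Mfp("example_mfp", SAMPLE_ACCESS)
    code = mfp.issue_code()
    recipient, body = phone_build_message(code, "username1")
    print("send to:", recipient)
    print("granted:", sorted(mfp.check_message("username1", body)))
    print("same message again:", sorted(mfp.check_message("username1", body)))
```

Because the description allows the message to be posted where other users can read it, the example ties the random number to the sender reported by the service and retires it after one successful check.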
In an alternative embodiment, the identifying information is generated based on the GPS coordinates of the MFP 10. The MFP 10 registers a predetermined number of the MFP's GPS coordinates with the social networking service (for example, as part of the first identifying information registered on Twitter). When a user wishes to access the MFP 10, the user places the mobile phone 11 on the MFP 10 and opens a predetermined application on the mobile phone 11. The predetermined application accesses the GPS unit of the mobile phone 11 and identifies the GPS coordinates that mark the position of the mobile phone (alternatively, the mobile phone can read the GPS coordinates from the display of the MFP). The application on the mobile phone 11 selects the predetermined number of GPS coordinates and uses these coordinates as the identifying information in the message to be sent to the MFP 10. Because the mobile phone 11 and the MFP 10 are located at the same position (the mobile phone 11 rests on the MFP 10), the first identifying information registered for the MFP 10 agrees with the identifying information generated by the mobile phone 11, and if the user's Twitter ID (which is also contained in the message that the mobile phone sends to the MFP 10) is associated with the GPS coordinates registered on Twitter for the MFP 10, the user is allowed to access the MFP 10.
Sixth embodiment
In the present embodiment, an administrator sets up a social networking service account (for example, on Twitter) for the MFP 10. The MEAP application running on the MFP 10 is configured to connect to the MFP's social networking service account (S2401 of Figure 24) and to send information relating to the operation of the MFP 10 to users of the social networking service (S2402 of Figure 24). For example, the MFP 10 has a Twitter account. Interested users will "follow" the MFP 10 (these users will usually be administrator-type users). The MFP 10 can then be configured to send tweets containing the following: information relating to its condition, such as media running out, paper jams and other errors; information relating to its usage, such as identifying the users of the MFP 10 or detailing to a user the cost of using the MFP 10; information relating to the location of the peripheral apparatus; information relating to the overall activity of the peripheral apparatus or the activity of individual users; information detailing the materials (for example, paper type) that the peripheral apparatus uses to process user actions; and service information (for example, a request for servicing).
Seventh embodiment
The present embodiment is a variation of the sixth embodiment. In the present embodiment, the MFP 10 is configured to send information relating to a user's activity to like-minded users of the social networking service through its social networking service account. For example, assuming that the MFP 10 has a Twitter account, the MEAP application can be configured to publicize user activity, which may serve as a marketing tool for broadcasting promotional information, for example "JoeBloggs just made 15 vivid Canon color copies! Choose Canon!". In this case, the MEAP application in the MFP 10 tweets through the user's Twitter account, and the user will need to grant permission to allow this operation. This may take place during the OAuth/xAuth login process discussed earlier. Alternatively, the MFP 10 tweets from its own account and mentions the user's Twitter account in the tweet.
Embodiments of the invention have been described above. Further embodiments of the invention can also be realized by a system that reads out and executes a program recorded on a memory device to perform the functions of the above-described embodiments, and by a method whose steps are performed by, for example, reading out and executing a program recorded on a memory device to perform the functions of the above-described embodiments. For this purpose, the program is provided to the peripheral apparatus, the mobile device and the image processing system, for example via a network or from various types of recording medium serving as the memory device (for example, a computer-readable medium).

Claims (41)

1. A method of authenticating a user at a peripheral apparatus (10), comprising the following steps performed by the peripheral apparatus (10):
receiving (S810) a login request from a user;
sending (S820) a request to a social networking service to authenticate the user's social networking service account;
receiving (S830) the user's social networking service account information from the social networking service;
a determining step of determining (S840), based on the user's social networking service account information, whether the user is authorized to access the peripheral apparatus; and
allowing (S850, S860) the user to access the peripheral apparatus (10) in a case where the determining step determines, based on the user's social networking service account information, that the user is authorized to access the peripheral apparatus.
2. The method according to claim 1, wherein the determining step comprises connecting to an administrator's social networking service account to determine whether the user's social networking service account information is associated with a list on the social networking service (S1116, S1117, S1409, S1410).
3. The method according to claim 2, wherein the peripheral apparatus (10) is represented on the social networking service in association with one or more lists of members of the social networking service.
4. The method according to claim 3, wherein the step of associating the representation of the peripheral apparatus (10) on the social networking service with one or more lists of members of the social networking service comprises defining, for the one or more lists of members of the social networking service, a level of access to functions of the peripheral apparatus (10).
5. The method according to any one of claims 1 to 4, wherein the step of sending a request to the social networking service comprises requesting an access token from the social networking service (S1111, S1112, S1407, S1408).
6. The method according to claim 5 when dependent on any one of claims 2 to 4, wherein the determining step comprises using the access token to obtain the user's social networking service user name, and determining whether the user name is associated with the representation of the peripheral apparatus on the social networking service (S1114 to S1117, S1407 to S1410).
7. The method according to claim 5 or 6, further comprising a storing step of storing the access token in the peripheral apparatus (10) in association with information identifying the user (S1113, S1406).
8. The method according to claim 7, wherein the storing step comprises storing (S2002) the access token in association with the user's RFID.
9. The method according to claim 7 or 8, wherein the stored access token is used to make repeated login requests on behalf of the user.
10. The method according to any one of claims 5 to 9, wherein the step of requesting an access token from the social networking service comprises using an OAuth authentication process or an xAuth authentication process.
11. The method according to any one of claims 1 to 10, wherein the peripheral apparatus (10) comprises a peripheral device that is at least one of a printer, a facsimile machine and a scanner.
12. The method according to any one of claims 1 to 11, wherein, before the request is sent to the social networking service, a mobile device (11) determines (S1905) first information provided by the peripheral apparatus (10).
13. The method according to claim 12, wherein the first information is a URL,
the peripheral apparatus (10) provides the URL to the user, and
the mobile device (11) determines the URL by the user inputting the URL into the mobile device (11).
14. The method according to claim 13, wherein the URL received by the mobile device (11) enables the user to log in to the social networking service.
15. The method according to claim 13, wherein the URL received by the mobile device (11) enables the user to log in (S1909) to the social networking service and authorize an access token to be sent to the peripheral apparatus (10).
16. The method according to claim 12, wherein the peripheral apparatus (10) provides a machine-readable code in which the first information is encoded, and
the mobile device (11) determines (S1905) the first information by reading and decoding the machine-readable code provided by the peripheral apparatus (10).
17. The method according to any one of claims 12 to 16, wherein, after the request is sent to the social networking service to authenticate the user, the mobile device (11) determines second information (S1910) provided by the social networking service.
18. The method according to claim 17, wherein the second information is a code, and the method further comprises the step of the peripheral apparatus (10) receiving (S1911) the code from the user via a user interface (25) of the peripheral apparatus (10).
19. The method according to claim 16, or according to claim 17 or 18 when dependent on claim 16, wherein the machine-readable code is a barcode or a QR code.
20. A peripheral apparatus (10) configured to:
receive a login request from a user;
send a request to a social networking service to authenticate the user's social networking service account;
receive the user's social networking service account information from the social networking service;
determine, based on the user's social networking service account information, whether the user is authorized to access the peripheral apparatus (10); and
allow the user to access the peripheral apparatus (10) in a case where the peripheral apparatus (10) determines, based on the user's social networking service account information, that the user is authorized to access the peripheral apparatus (10).
21. A mobile device (11) comprising a function for authenticating a user at a peripheral apparatus (10), the function comprising:
means for reading and decoding a machine-readable code to determine identifying information; and
means for using the determined identifying information to enable the user to log in to a social networking service and thereby authorize an access token to be sent to the peripheral apparatus (10).
22. A system for authenticating a user of a peripheral apparatus (10), the system comprising:
a peripheral apparatus (10) for receiving a login request from a user and sending a request to a social networking service to authenticate the user's social networking service account; and
a social networking service for receiving the request and sending the user's social networking service account information to the peripheral apparatus (10),
wherein the peripheral apparatus (10) is configured to:
receive the user's social networking service account information from the social networking service;
determine, based on the user's social networking service account information, whether the user is authorized to access the peripheral apparatus (10); and
allow the user to access the peripheral apparatus (10) in a case where the peripheral apparatus (10) determines, based on the user's social networking service account information, that the user is authorized to access the peripheral apparatus (10).
23. A method of authenticating a user at a peripheral apparatus (10), comprising the following steps:
a mobile device (11) determining (S2202) first identifying information and sending (S2205) an access request to the peripheral apparatus (10) via a social networking service, wherein the access request comprises the determined first identifying information and second information identifying the user's social networking service account;
the peripheral apparatus (10) receiving the access request via the social networking service and determining (S2302), based on the information in the access request, whether the user is authorized to access the peripheral apparatus (10); and
the peripheral apparatus (10) allowing (S2303) the user to access the peripheral apparatus (10) in a case where the peripheral apparatus (10) determines, based on the access request, that the user is authorized to access the peripheral apparatus (10).
24. The method according to claim 23, wherein, before the peripheral apparatus (10) makes the determination, the peripheral apparatus (10) connects (S2103) to an administrator's social networking service account and registers (S2104) the first identifying information in association with the representation of the peripheral apparatus (10) on the social networking service,
wherein the step of the peripheral apparatus (10) determining (S2302) comprises connecting to the administrator's social networking service account, accessing the access request, and determining whether the information in the access request corresponds to the registered details of the peripheral apparatus (10).
25. The method according to claim 24, wherein the access request is a direct message sent from the user's social networking service account to the administrator's social networking service account.
26. The method according to any one of claims 23 to 25, wherein the peripheral apparatus (10) determines a level of access to the peripheral apparatus based on the second information identifying the user's social networking service account.
27. The method according to any one of claims 23 to 26, wherein
the first identifying information comprises a code,
the peripheral apparatus (10) provides the code to the user, and
the mobile device (11) determines (S2202) the first identifying information by the user inputting the code into the mobile device (11).
28. The method according to any one of claims 23 to 26, wherein
the peripheral apparatus (10) provides a machine-readable code in which the first identifying information is encoded, and
the mobile device (11) determines (S2202) the first identifying information by reading and decoding the machine-readable code provided by the peripheral apparatus (10).
29. The method according to any one of claims 23 to 28, wherein the first identifying information comprises a random number.
30. The method according to any one of claims 23 to 29, wherein the first identifying information comprises information identifying an administrator's social networking service account.
31. The method according to any one of claims 23 to 30, wherein the peripheral apparatus (10) is configured to generate the first identifying information.
32. The method according to any one of claims 23 to 26, wherein
the first identifying information is obtainable from the position of the peripheral apparatus, and
the mobile device (11) determines (S2202) the first identifying information by detecting the position of the peripheral apparatus (10).
33. A system for authenticating a user at a peripheral apparatus (10), the system comprising:
a mobile device (11) for determining first identifying information and sending an access request to the peripheral apparatus via a social networking service, wherein the access request comprises the determined first identifying information and second information identifying the user's social networking service account; and
a peripheral apparatus (10) for receiving the access request and determining, based on the information in the access request, whether the user is authorized to access the peripheral apparatus (10),
wherein the peripheral apparatus (10) is configured to allow the user to access the peripheral apparatus (10) in a case where the peripheral apparatus (10) determines, based on the access request, that the user is authorized to access the peripheral apparatus (10).
34. A mobile device (11) comprising a function for authenticating a user at a peripheral apparatus (10), the function comprising:
means for reading and decoding a machine-readable code to determine first identifying information; and
means for sending an access request to the peripheral apparatus (10) via a social networking service, wherein the access request comprises the determined first identifying information and second information identifying the user's social networking service account.
35. A peripheral apparatus (10), comprising:
means for providing first identifying information to a user in the form of a machine-readable code; and
means for accessing a social networking service account and determining, based on the first identifying information, whether the user is authorized to access the peripheral apparatus (10).
36. The peripheral apparatus (10) according to claim 35, wherein the means for providing the first identifying information is configured to provide the first identifying information to the user in at least one of the following ways: displaying the first identifying information on a display of the peripheral apparatus (10); and printing the first identifying information.
37. The peripheral apparatus according to claim 35 or 36, wherein the first identifying information comprises a random number.
38. The peripheral apparatus according to any one of claims 35 to 37, wherein the first identifying information comprises information identifying an administrator's social networking service account.
39. The peripheral apparatus according to any one of claims 35 to 38, further comprising means for generating the first identifying information.
40. The peripheral apparatus according to claim 39, wherein the peripheral apparatus (10) is configured to provide the first identifying information in the form of a barcode or a QR code.
41. The peripheral apparatus according to any one of claims 20, 22, 33 and 35 to 40, further comprising a peripheral device that is at least one of a printer, a facsimile machine and a scanner.
CN201410049014.2A 2013-02-12 2014-02-12 Method of authenticating a user of a peripheral apparatus, a peripheral apparatus, and a system for authenticating a user of a peripheral apparatus Active CN103986688B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP13154974.3A EP2765529B1 (en) 2013-02-12 2013-02-12 A method of authenticating a user of a peripheral apparatus, a peripheral apparatus, and a system for authenticating a user of a peripheral apparatus
EP13154974.3 2013-02-12

Publications (2)

Publication Number Publication Date
CN103986688A (en) 2014-08-13
CN103986688B (en) 2017-05-24

Family

ID=47739112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410049014.2A Active CN103986688B (en) 2013-02-12 2014-02-12 Method of authenticating a user of a peripheral apparatus, a peripheral apparatus, and a system for authenticating a user of a peripheral apparatus

Country Status (6)

Country Link
US (1) US9203825B2 (en)
EP (1) EP2765529B1 (en)
JP (1) JP5972920B2 (en)
CN (1) CN103986688B (en)
BR (2) BR122014007863A2 (en)
RU (1) RU2580400C2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105095130A (en) * 2014-05-16 2015-11-25 富士施乐株式会社 Information processing apparatus, system and information processing method
CN106357799A (en) * 2016-10-20 2017-01-25 杭州东方通信软件技术有限公司 Service bus intermediate system and calling method thereof
CN108293054A (en) * 2015-12-15 2018-07-17 维萨国际服务协会 System and method for the biometric authentication for using social networks
CN113656781A (en) * 2015-04-27 2021-11-16 贝宝公司 Unified login across applications

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2684151B1 (en) * 2011-03-08 2018-09-12 Telefonica S.A. A method for providing authorized access to a service application in order to use a protected resource of an end user
US20160337351A1 (en) * 2012-03-16 2016-11-17 Acuity Systems, Inc. Authentication system
US9106642B1 (en) * 2013-09-11 2015-08-11 Amazon Technologies, Inc. Synchronizing authentication sessions between applications
EP2925037A1 (en) * 2014-03-28 2015-09-30 Nxp B.V. NFC-based authorization of access to data from a third party device
US9306939B2 (en) 2014-05-30 2016-04-05 Oracle International Corporation Authorization token cache system and method
US10637650B2 (en) 2014-10-29 2020-04-28 Hewlett-Packard Development Company, L.P. Active authentication session transfer
JP6645055B2 (en) * 2015-07-17 2020-02-12 コニカミノルタ株式会社 Image processing system, image forming apparatus, screen display method, and computer program
CN105187684B (en) * 2015-07-29 2018-11-30 珠海奔图电子有限公司 The image formation system and image forming method that instant messaging information is parsed
JP6237740B2 (en) * 2015-10-01 2017-11-29 コニカミノルタ株式会社 Security information update system, information processing apparatus, and security information update program
KR102424055B1 (en) * 2015-12-08 2022-07-25 한국전자통신연구원 Apparatus and Method for Providing API Authentication using Two API Tokens
JP6887748B2 (en) * 2015-12-11 2021-06-16 キヤノン株式会社 Data transmission device, data transmission method and program
CN105577691B (en) * 2016-02-03 2019-06-18 飞天诚信科技股份有限公司 A kind of safety access method and server
KR102041941B1 (en) 2016-05-11 2019-11-07 오라클 인터내셔날 코포레이션 Multi-tenant identity and data security management cloud service
US10735394B2 (en) 2016-08-05 2020-08-04 Oracle International Corporation Caching framework for a multi-tenant identity and data security management cloud service
JP6907588B2 (en) * 2016-11-29 2021-07-21 株式会社リコー Information processing system, information processing terminal, information processing method and program
US11095631B1 (en) * 2017-04-17 2021-08-17 T Stamp Inc. Systems and methods for identity verification via third party accounts
US10355864B2 (en) 2017-08-29 2019-07-16 Citrix Systems, Inc. Policy based authentication
US11496315B1 (en) 2018-05-08 2022-11-08 T Stamp Inc. Systems and methods for enhanced hash transforms
CN109033774B (en) * 2018-08-31 2020-08-07 阿里巴巴集团控股有限公司 Method and device for acquiring and feeding back user resources and electronic equipment
US11245682B2 (en) * 2018-10-18 2022-02-08 Oracle International Corporation Adaptive authorization using access token
US11301586B1 (en) 2019-04-05 2022-04-12 T Stamp Inc. Systems and processes for lossy biometric representations
US20230262048A1 (en) * 2022-02-17 2023-08-17 Toshiba Tec Kabushiki Kaisha System and method for pin authentication issuance from mfp qr code
WO2023200876A2 (en) * 2022-04-12 2023-10-19 DefiQ, Inc. Non-custodial, recoverable wallet that stores private key amongst multiple secure storage mechanisms

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101207673A (en) * 2006-12-15 2008-06-25 佳能株式会社 Image processing apparatus, control method therefor, and storage medium
EP2381387A2 (en) * 2010-04-26 2011-10-26 Canon Kabushiki Kaisha Image sending apparatus and authentication method in image sending apparatus
US20120084135A1 (en) * 2010-10-01 2012-04-05 Smartslips Inc. System and method for tracking transaction records in a network
CN102611753A (en) * 2012-03-21 2012-07-25 张雷 System and method for controlling controlled equipment through mobile terminal based on cloud platform
CN102685202A (en) * 2011-03-03 2012-09-19 微软公司 Sharing user ID between operating system and application
CN102750113A (en) * 2011-03-08 2012-10-24 佳能株式会社 Print server, printing system, and control method

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7467212B2 (en) * 2000-12-28 2008-12-16 Intel Corporation Control of access control lists based on social networks
JP2006031368A (en) * 2004-07-15 2006-02-02 Konica Minolta Business Technologies Inc System and method for authentication, and image forming apparatus
US8856855B2 (en) * 2009-11-25 2014-10-07 Centurylink Intellectual Property Llc System and method for tuning a set-top box remotely via a social network
WO2011106529A2 (en) * 2010-02-24 2011-09-01 Wherepro, Llc Data packet generator and implementations of same
JP5453145B2 (en) * 2010-03-16 2014-03-26 京セラドキュメントソリューションズ株式会社 Image forming system and user manager server device
JP2012113445A (en) * 2010-11-22 2012-06-14 Butterfly Corp Common point management server, common point management system and virtual currency exchange program
JP2012155647A (en) * 2011-01-28 2012-08-16 Kyocera Document Solutions Inc Image forming system and authentication program
US9948730B2 (en) * 2011-02-08 2018-04-17 S-Printing Solution Co., Ltd. Social network system with access provision mechanism and method of operation thereof
JP2013009052A (en) * 2011-06-22 2013-01-10 Fujitsu Ltd Server device, agent authentication method and agent authentication system
NO333223B1 (en) * 2011-07-13 2013-04-15 Trond Lemberg Alternate PIN transfer
JP5673453B2 (en) * 2011-09-07 2015-02-18 ブラザー工業株式会社 Communications system
US20140070002A1 (en) * 2012-09-07 2014-03-13 Viscount Systems Inc. System and method for printer operation based on user proximity
US9185112B2 (en) * 2012-10-10 2015-11-10 Adobe Systems Incorporated Extensible configuration system to allow a website to authenticate users based on an authorization protocol
US9083531B2 (en) * 2012-10-16 2015-07-14 Symantec Corporation Performing client authentication using certificate store on mobile device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105095130A (en) * 2014-05-16 2015-11-25 富士施乐株式会社 Information processing apparatus, system and information processing method
CN105095130B (en) * 2014-05-16 2018-12-25 富士施乐株式会社 Information processing equipment, system and information processing method
CN113656781A (en) * 2015-04-27 2021-11-16 贝宝公司 Unified login across applications
CN113656781B (en) * 2015-04-27 2023-08-15 贝宝公司 Unified login across applications
US11954671B2 (en) 2015-04-27 2024-04-09 Paypal, Inc. Unified login across applications
CN108293054A (en) * 2015-12-15 2018-07-17 维萨国际服务协会 System and method for the biometric authentication for using social networks
CN106357799A (en) * 2016-10-20 2017-01-25 杭州东方通信软件技术有限公司 Service bus intermediate system and calling method thereof
CN106357799B (en) * 2016-10-20 2020-03-27 杭州东方通信软件技术有限公司 Service bus middleware system and calling method thereof

Also Published As

Publication number Publication date
EP2765529B1 (en) 2021-11-17
BR102014003261A2 (en) 2016-07-12
CN103986688B (en) 2017-05-24
US9203825B2 (en) 2015-12-01
RU2580400C2 (en) 2016-04-10
JP5972920B2 (en) 2016-08-17
BR122014007863A2 (en) 2019-08-13
US20140230023A1 (en) 2014-08-14
JP2014197385A (en) 2014-10-16
RU2014103778A (en) 2015-08-10
EP2765529A1 (en) 2014-08-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant